873b3f4e9bcdf5c69e3928012df2b4d5fb94cb964f89ba842bdeb575178e031b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ghosty Permanent Spoofer/SafeGuard-Library.dll
Size

12.5MB
MD5

0ba40688b6a23948b2bd929dd2777a59
SHA1

bc109471bb84c7dc05ee6b1b63eae36c0e6ab209
SHA256

4e3eca4adbe0c4fede28228239dd93bb866ecd0415569ede6464d796e8d1a3a8
SHA512

104b2e48779d9e1f534ceb546f911e535eda1b2645f494313df661aceca41c134d3a10b3e97a00ddf4a40556421369fff3872e466357743bc21ea19e0b0c2156
SSDEEP

196608:SOHt8K/1aCIGzofI1PRcndumYBy9HwMmoiODwuNaENvHkSGC/jcZ1yRTs6:1Hp/ggMIpOnXu2Y0wugOvHaZZUBB

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
3812	rundll32.exe
3812	rundll32.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133807627575183161"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3812	rundll32.exe
3812	rundll32.exe
1504	chrome.exe
1504	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 4868	1504	chrome.exe	106
PID 1504 wrote to memory of 4868	1504	chrome.exe	106
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 4720	1504	chrome.exe	107
PID 1504 wrote to memory of 644	1504	chrome.exe	108
PID 1504 wrote to memory of 644	1504	chrome.exe	108
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109
PID 1504 wrote to memory of 4312	1504	chrome.exe	109

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Ghosty Permanent Spoofer\SafeGuard-Library.dll",#1
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:3812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffde123cc40,0x7ffde123cc4c,0x7ffde123cc58
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,12255282030644198771,3558272232046720497,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1976,i,12255282030644198771,3558272232046720497,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1968 /prefetch:3
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,12255282030644198771,3558272232046720497,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,12255282030644198771,3558272232046720497,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,12255282030644198771,3558272232046720497,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4620,i,12255282030644198771,3558272232046720497,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,12255282030644198771,3558272232046720497,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,12255282030644198771,3558272232046720497,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4420 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,12255282030644198771,3558272232046720497,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5284,i,12255282030644198771,3558272232046720497,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,12255282030644198771,3558272232046720497,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5280,i,12255282030644198771,3558272232046720497,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5220,i,12255282030644198771,3558272232046720497,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5164 /prefetch:2
  2⤵
  PID:424

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e0345d88309b594b6e5fa332f8841d08

SHA1
e9494e4783ea923a9a083daad7280bd1ebac38df

SHA256
7b6972cd214ecf443c17e18443de47e5e4f739bb38e6944741dc0e040a50a3c1

SHA512
23b64dad6e3a4e325a85fac75e83923dc8b875c966d863c6b9fca48a4b3ae229efce68666d10851dbe83015160f50b1d4865627c4c69c1f7124c275dc7f7660f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a15277b648cd8295f32fed642831d833

SHA1
25d4624fa7f226055eed0c255dc6391d17093b15

SHA256
fd708aa57a7217a8c7aa7fa483c132d3c1d0672021c0339411dd0fecda4298e9

SHA512
36aeb4c682990600ade3612a6c7098067ced042b6dec976a1bcd500f4c7e15ce74717353cf803b2652f81d1a859017739c10cd6bcb02bb93d700e82b6767c0e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7efa8fb78226e3e21a14f6ab92340fb1

SHA1
b204511718d2415156d72dd28e68bfbd2c0f916b

SHA256
f68b7139c8bf17d3561ab5f74975726154d4f28138b12a9fa021781e9364b741

SHA512
b079e808c9a7d02d201c36c5f95a850a13d80fea072a8deb577d0483ae3e390fbd8c60156beb8f14fcd03f180dab55d1fb71115221aa81fb5c7604376fda621a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21b430867e9139562346dd9e770fc124

SHA1
ab243d6793a90beb9c5c744b14d524972810b608

SHA256
43585a268f7928235c5bd543ff329246bfbf6e3794b26ddfa9af5502837267a3

SHA512
d6deab1bf66f3e8dbf4bff4a7aaa8d00fc8a0370a9961073a4667a91fcc7935a9270bdd050c8c836d90f0ebf5d25e4b25eb6124a667b90881bf042a4c7f9cebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ec4a811513c2e0368d7356e6da5e40b

SHA1
1133858060f8e8d91976b8e033e0b700bf0933ab

SHA256
7c7bb45797544c29b2cacdbaeaeb03c124cd286246f056e7f86891ba56a9daf9

SHA512
462b8ff32c5cee00e43b6079ca92b648504397da41edb02945501dce658a1cf1d6e38318010291d2aae1d985dfe687b3cdee23db2d0c6e53e84bdd6b06ec894b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb20eb0f7c68d04401aa0db7150d7798

SHA1
96a4a0027c721adee74802c14add0bb0a2f408ab

SHA256
5bdb7903022ae48de5c8efbd99804a7049f2ad5916f144162fc8fc691b927299

SHA512
4cf958bd6b88370dfac1d90b9500e07490c78fdb85ee0b0dc411c6b6c8ab8a2277a05feeeac4fde9c1919f9a210263231148a63a4f0483cfa0b3e64bb593c067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b9dc50779cffb39a859c69aa102ed8b3

SHA1
5760b50f2ae3b1d6c48ab7e9250a9480f2c631e2

SHA256
1b363d3298e2bc50987bfa7d924dcbc8f7fcb150906e1732e19d8fe611e3c742

SHA512
e31e758d7ef56aef3753ccc5c3f2451bda52972852efa9b001e344f1893085599c108acc62ec4e4a28823237bf8a746541f131768558ed2c5f20d1402ca4e249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ce09cddebbfa233d4f585b7272590b9

SHA1
227e6c40a44dcfcf013002e475cfa0e452c0d2a7

SHA256
7104b565c610aae05ea5516968823709cb9b5197e059d5c52c5278bf59d21346

SHA512
37511c54a16af11b58f4994e01c7112598f4967511f2f8fb51b33819b594bc46c8536ad5337ca3cbe752df01339aaee688f1d675bd89e50372831c352c96ddeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1cab83e6372f4af5a6393c6eb653a4d8

SHA1
17c383e84b0ccbddee0f732b9d31719857c760ba

SHA256
7193a0aab6a6cea6e041b54584e5a2a733353b4c528adac9b6469a7f9f8608e8

SHA512
1a7adb4dd678e73f350559c04cbd65e04557159eafaa1f1ccf30e82fa055b4763a1e96d9a878a5404ab94ecbf8acfbe9950e96470e5fb54955e50c3237ace966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
afbd9e4696fdb770761f0ca857dcba5d

SHA1
9d1e21a57f63ab47dd3f72dc7dbb466e0b822149

SHA256
d5ecc2f226c21fb2fc6946de32994c64ffd8f2f764953c3f573d28f04565cedb

SHA512
d0ba60fe80568d8406e281296b23abded949709f6e033cc5a283e876443369217b2b07d03ad86ea82598406a947776b9cfa7ebc633eedb4e7f1596d38dc526f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8711a6deb3f77fba62e43549db65e048

SHA1
647eeea9c32640c00195f9d245221b8e16de35cc

SHA256
0df29c5925862374696142626257234ca35ce5e0542d93938c685b7a96e205b8

SHA512
053ba880e10d4e4a4e9d46fc97b079c430c84925a9d8be8878009ae8ce5c5b5e46804014b1a63c55595f6b45e2cc2322a70ab76f65a2d8fc0acd6c6413791b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dccb9f131edff17c5fce8e61c8a3401e

SHA1
8e92c1ae5f4ad62a57c99f850e19663c7b2a1bc8

SHA256
754c27884e28157761a41a6c87c28cc883167483048be3232e43ca06cb957c36

SHA512
cd676db359c3dd1f1114e82b7b4a50dbfc121a18a8e0e504d7e2b4f81c7371bd544b56ce6c2679f316a54631adf080d564a0802692a2aac2807c976c67da5f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
983487fa6237dc051ac81394107cc846

SHA1
5fe7ba1fa72eb312073b8705619c5e0d0a67878a

SHA256
c928595065bb238f7b7f82ea06e86df0a94d68b0cd324602a1e939a8ab78ebb3

SHA512
e0c4c65c13f9fa70a8bcb15d6999ff87536bb0cd2273161dd2b3dd42ad0ff9992c5e7cc55f605a8387ebeffca5ef47bef21663075f1b456e867872f5b191fe1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
4a8bd45350054799761b0e23a886f9de

SHA1
0d040f858312ba809d4cf0c46228906ac3ad61f3

SHA256
6a7ae20b337fc4cce6eb9f50207d5746e23e6ca15a9070a0cbc2c8d7e8b2a55b

SHA512
786b9ade271360fb5cff3045f983b4511bcb1de6877e80a90a92c3912d796565f5dac6d7a775b8e0aa2f373ff0a27552f5aa60f2091eee816e7d872799e516c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1504_606773505\4becedc5-5ee2-41b1-b966-02e3fb980170.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1504_606773505\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/3812-12-0x00007FFDFF8F0000-0x00007FFDFF8F2000-memory.dmp

Filesize
8KB

Download
memory/3812-11-0x00007FFDFF8E0000-0x00007FFDFF8E2000-memory.dmp

Filesize
8KB

Download
memory/3812-27-0x00007FFDE03E0000-0x00007FFDE1DA5000-memory.dmp

Filesize
25.8MB

Download
memory/3812-23-0x00000208C5C80000-0x00000208C60F9000-memory.dmp

Filesize
4.5MB

Download
memory/3812-31-0x00007FFDE03E0000-0x00007FFDE1DA5000-memory.dmp

Filesize
25.8MB

Download
memory/3812-30-0x00000208C5C80000-0x00000208C60F9000-memory.dmp

Filesize
4.5MB

Download
memory/3812-21-0x00007FFDFF980000-0x00007FFDFF982000-memory.dmp

Filesize
8KB

Download
memory/3812-34-0x00007FFDE03E0000-0x00007FFDE1DA5000-memory.dmp

Filesize
25.8MB

Download
memory/3812-35-0x00007FFDE0458000-0x00007FFDE1120000-memory.dmp

Filesize
12.8MB

Download
memory/3812-18-0x00007FFDFF950000-0x00007FFDFF952000-memory.dmp

Filesize
8KB

Download
memory/3812-19-0x00007FFDFF960000-0x00007FFDFF962000-memory.dmp

Filesize
8KB

Download
memory/3812-20-0x00007FFDFF970000-0x00007FFDFF972000-memory.dmp

Filesize
8KB

Download
memory/3812-15-0x00007FFDFF920000-0x00007FFDFF922000-memory.dmp

Filesize
8KB

Download
memory/3812-16-0x00007FFDFF930000-0x00007FFDFF932000-memory.dmp

Filesize
8KB

Download
memory/3812-17-0x00007FFDFF940000-0x00007FFDFF942000-memory.dmp

Filesize
8KB

Download
memory/3812-22-0x00007FFDFF990000-0x00007FFDFF992000-memory.dmp

Filesize
8KB

Download
memory/3812-10-0x00007FFDFF8D0000-0x00007FFDFF8D2000-memory.dmp

Filesize
8KB

Download
memory/3812-0-0x00007FFDE0458000-0x00007FFDE1120000-memory.dmp

Filesize
12.8MB

Download
memory/3812-13-0x00007FFDFF900000-0x00007FFDFF902000-memory.dmp

Filesize
8KB

Download
memory/3812-14-0x00007FFDFF910000-0x00007FFDFF912000-memory.dmp

Filesize
8KB

Download
memory/3812-8-0x00007FFDFF8C0000-0x00007FFDFF8C2000-memory.dmp

Filesize
8KB

Download
memory/3812-9-0x00007FFDE03E0000-0x00007FFDE1DA5000-memory.dmp

Filesize
25.8MB

Download
memory/3812-4-0x00007FFDFF880000-0x00007FFDFF882000-memory.dmp

Filesize
8KB

Download
memory/3812-5-0x00007FFDFF890000-0x00007FFDFF892000-memory.dmp

Filesize
8KB

Download
memory/3812-6-0x00007FFDFF8A0000-0x00007FFDFF8A2000-memory.dmp

Filesize
8KB

Download
memory/3812-7-0x00007FFDFF8B0000-0x00007FFDFF8B2000-memory.dmp

Filesize
8KB

Download
memory/3812-1-0x00007FFDFF850000-0x00007FFDFF852000-memory.dmp

Filesize
8KB

Download
memory/3812-3-0x00007FFDFF870000-0x00007FFDFF872000-memory.dmp

Filesize
8KB

Download
memory/3812-2-0x00007FFDFF860000-0x00007FFDFF862000-memory.dmp

Filesize
8KB

Download